Army seeks information assurance ideas

Army officials are exploring what role industry could play in helping protect sensitive but unclassified information.

Last week, the Army issued a request for information about industry information assurance programs and said it plans to use the responses to put more precise language about data security in future acquisitions. The Army’s request is likely an acknowledgment of potential shortcomings in protecting information, said David Wilson, vice president of product management and support at Telos.

“DOD recognizes that there are substantial insecurities in the defense industrial base,” Wilson said. “In a worst-case scenario, these insecurities could lead to the injection of malicious code into the operating software of a weapons platform.”

The Program Executive Office for Enterprise Information Systems and the Assistant Secretary of the Army for Acquisition, Logistics and Technology issued the RFI.

The goal of applying industry best practices to Army projects is achievable, said Prem Iyer, director of Homeland Security Department information assurance programs at Apptis.

“RFIs such as this recent one the Army put out are one method,” Iyer said. “Another way would be to simply invite industry to demonstrate different methodologies, systems, and technologies that they are using that can be transported to government.”

Iyer said that although sharing methods with government agencies is easy, the challenge is figuring out how agencies can implement them.

“However, industry in general is behind the government in terms of processes and procedures for protecting sensitive information on IT systems,” Iyer said. “One exception to this would be in the financial and banking industries, and while they are probably the most advanced in this area, there might be some reluctance to share their methodologies.”

Army officials want to know how contractors identify digital data and protect it from unauthorized access and release and they handle encrypted data on servers, mobile devices and portable storage media, the service said.